[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: An "orthogonal" way of using libpam



On Sun, Dec 22, 2002 at 05:20:56PM +0100, Ivan Popov wrote:
 > [ .... ]
> Hence, I would advocate for moving the configuration from the compilation
> phase to the runtime one, like if compiled with --with-runtime-config
> it would look at $PAM_CONFIG and use it in some way to find
>  - pam.{d,conf}
>  - security/modules
>  (have I forgotten something?)
> 
> Of course it is not suitable for setuid binaries like login, but
> 1. a setuid check may be done before looking for PAM_CONFIG,
> 2. --without-runtime-config will be exactly as safe as it is now
> 
> Any objections? Any support?! :-)

That sounds like an excellent idea.  It would help with testing
too.

One tiny thing -- I wouldn't neccesarily make it a environment
variable, make it an option instead.  Env vars are too hard to keep
track of.

Matt





[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []